Perform 7 steps to information protection
              Document created: 18/03/2010 11:17:14





  1. 1. Perform 7 steps to information protection. Document created: 18/03/2010 11:17:14
  2. 2. Table of Contents
     1 Perform 7 steps to information protection
       1.1 Meet Compliancy regulations
       1.2 Maximize Data security
       1.3 Safeguard Intellectual property
       1.1 Assess information Loss & compromise risks
         1.1.1 Determine info protection Strategy approach & priorities
           1.1.1.1 Conduct a Risk assessment and survey
             1.1.1.1.1 Identify which Info should be protected
             1.1.1.1.2 Distinguish Types of confidential information
               1.1.1.1.2.1 Apply Classifications
             1.1.1.1.3 Determine Perceived risks
             1.1.1.1.4 Identify Existing info protection
               1.1.1.1.4.1 Identify Policies
               1.1.1.1.4.2 Identify Procedures
               1.1.1.1.4.3 Identify Practices
             1.1.1.1.5 Identify high risk Business processes
             1.1.1.1.6 Determine awareness of Incidents of info vulnerability
             1.1.1.1.7 Understand the Organization's risk tolerance
             1.1.1.1.8 Understand companies related Priorities & preferences
             1.1.1.1.9 Quantify & qualify the risk of Confidential information loss
           1.1.1.2 Implement software to identify Technical risk
             1.1.1.2.1 Locate Confidential data on network
             1.1.1.2.2 Determine who has Access
             1.1.1.2.3 Demonstrate Internal information flow
             1.1.1.2.4 Collate evidence of Unauthorized info transfer
             1.1.1.2.5 Identify High risk business processes
             1.1.1.2.6 Document At-risk confidential data
             1.1.1.2.7 Quantify Risk of non-compliance
             1.1.1.2.8 Provide a record of Internal / external info flow
       1.2 Identify & classify Confidential information
         1.2.1 Define Confidential information
           1.2.1.1 Use best practices to update Information classifications
           1.2.1.2 Identify Confidential information
           1.2.1.3 Apply Classifications
         1.2.2 Assign Levels of protection
           1.2.2.1 Use Classifications
       1.3 Develop Policies & procedures
         1.3.1 Define Responsibilities for protection
           1.3.1.1 Compare existing Policies to best practices
           1.3.1.2 Develop Policy updates
             1.3.1.2.1 Base them on Best-in-class models
       1.4 Deploy technologies that enable Policy compliance & enforcement
         1.4.1 Review Compliance technology
           1.4.1.1 Compare Technology solutions
             1.4.1.1.1 Assess the Costs
             1.4.1.1.2 Assess the Benefits
         1.4.2 Adopt & deploy Policy compliance technology
           1.4.2.1 Choose technology with Automatic enforcement
       1.5 Communicate & educate a Compliance culture
  3. 3.
         1.5.1 Inform people of their Information responsibilities
           1.5.1.1 Draft Key messages
           1.5.1.2 Develop Training
         1.5.2 Motivate Information protection behaviour
           1.5.2.1 Establish an ongoing Communication campaign
       1.6 Integrate practices into Business processes
         1.6.1 Identify Key Processes where info is at risk
         1.6.2 Develop a plan to integrate Info policy into those processes
       1.7 Audit to ensure Stakeholder accountability
         1.7.1 Examine current Practices & remediate deficiencies
           1.7.1.1 Establish Audit parameters & methodology
           1.7.1.2 Conduct Audit
             1.7.1.2.1 Assess Compliance with info policies
  4. 4. 1 Perform 7 steps to information protection
     [WHY/HOW diagram. WHY: Meet Compliancy regulations; Maximize Data security; Safeguard Intellectual property. HOW: Assess information Loss & compromise risks; Identify & classify Confidential information; Develop Policies & procedures; Deploy technologies that enable Policy compliance & enforc...; Communicate & educate a Compliance culture; Integrate practices into Business processes; Audit to ensure Stakeholder accountability.]

     From: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_vontu_7_steps_to_information_protection_01-2009.en-us.pdf

     "Vulnerability, risk, and information protection challenges

     Every organization is at risk of confidential information loss. Billions of dollars worth of profits, competitive advantage, reputation, and market share are at stake. Today’s highly competitive business environment intensifies the vulnerability and risk. Global operations, with outsourced and off-shored business functions, spread the vulnerability. Tools for accessing and distributing information, such as the Internet and mobile computing devices, exacerbate the risk.

     Information vulnerability and risk come from both malicious and unintentional disclosures by employees and partners; unintentional disclosures are usually the larger problem. Reducing these risks and vulnerabilities is now both a business imperative and a legal mandate as recent regulations impose obligations on organizations to protect certain types of information.

     Global corporations and government organizations require more than network security and access control to guard their confidential data. They must protect the information itself, inform the behavior of those carrying the information, have visibility regarding where their confidential data resides on their network, have influence over where that data is going, and implement a policy for managing it. A strategy that balances the organization’s legal and business needs to protect information with the competing interests to share it is vital.

     7 steps to information protection

     Information protection strategy best practices involve a cross-functional team that:
     1. Assesses risks
     2. Identifies and classifies confidential information
     3. Develops information protection policies and procedures
     4. Deploys technologies that enable policy compliance and enforcement
     5. Communicates and educates stakeholders to create a compliance culture
     6. Integrates information protection practices into businesses processes
     7. Audits so that stakeholders are held accountable."
  5. 5. 1.1 Meet Compliancy regulations [WHY/HOW diagram] [The author has not attached any text yet.]
     1.2 Maximize Data security [WHY/HOW diagram] [The author has not attached any text yet.]
     1.3 Safeguard Intellectual property [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1 Assess information Loss & compromise risks [WHY/HOW diagram]
     1.1.1 Determine info protection Strategy approach & priorities [The author has not attached any text yet.]
  6. 6. [WHY/HOW diagram for 1.1.1 Determine info protection Strategy approach & priorities]
     1.1.1.1 Conduct a Risk assessment and survey [WHY/HOW diagram] [The author has not attached any text yet.]
  7. 7. 1.1.1.1.1 Identify which Info should be protected [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.2 Distinguish Types of confidential information [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.2.1 Apply Classifications [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.3 Determine Perceived risks [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.4 Identify Existing info protection [The author has not attached any text yet.]
  8. 8. [WHY/HOW diagram for 1.1.1.1.4 Identify Existing info protection]
     1.1.1.1.4.1 Identify Policies [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.4.2 Identify Procedures [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.4.3 Identify Practices [WHY/HOW diagram] [The author has not attached any text yet.]
  9. 9. 1.1.1.1.5 Identify high risk Business processes [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.6 Determine awareness of Incidents of info vulnerability [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.7 Understand the Organization's risk tolerance [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.1.8 Understand companies related Priorities & preferences [WHY/HOW diagram] [The author has not attached any text yet.]
  10. 10. 1.1.1.1.9 Quantify & qualify the risk of Confidential information loss [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2 Implement software to identify Technical risk [WHY/HOW diagram] [The author has not attached any text yet.]
  11. 11. 1.1.1.2.1 Locate Confidential data on network [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2.2 Determine who has Access [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2.3 Demonstrate Internal information flow [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2.4 Collate evidence of Unauthorized info transfer [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2.5 Identify High risk business processes [The author has not attached any text yet.]
  12. 12. [WHY/HOW diagram for 1.1.1.2.5 Identify High risk business processes]
     1.1.1.2.6 Document At-risk confidential data [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2.7 Quantify Risk of non-compliance [WHY/HOW diagram] [The author has not attached any text yet.]
     1.1.1.2.8 Provide a record of Internal / external info flow [WHY/HOW diagram] [The author has not attached any text yet.]
     1.2 Identify & classify Confidential information [WHY/HOW diagram] [The author has not attached any text yet.]
  13. 13. 1.2.1 Define Confidential information [WHY/HOW diagram] [The author has not attached any text yet.]
     1.2.1.1 Use best practices to update Information classifications [WHY/HOW diagram] [The author has not attached any text yet.]
     1.2.1.2 Identify Confidential information [WHY/HOW diagram] [The author has not attached any text yet.]
     1.2.1.3 Apply Classifications [WHY/HOW diagram] [The author has not attached any text yet.]
  14. 14. 1.2.2 Assign Levels of protection [WHY/HOW diagram] [The author has not attached any text yet.]
     1.2.2.1 Use Classifications [WHY/HOW diagram] [The author has not attached any text yet.]
     1.3 Develop Policies & procedures [WHY/HOW diagram] [The author has not attached any text yet.]
     1.3.1 Define Responsibilities for protection [WHY/HOW diagram] [The author has not attached any text yet.]
     1.3.1.1 Compare existing Policies to best practices
  15. 15. [The author has not attached any text yet.] [WHY/HOW diagram for 1.3.1.1 Compare existing Policies to best practices]
     1.3.1.2 Develop Policy updates [WHY/HOW diagram] [The author has not attached any text yet.]
     1.3.1.2.1 Base them on Best-in-class models [WHY/HOW diagram] [The author has not attached any text yet.]
     1.4 Deploy technologies that enable Policy compliance & enforcement [WHY/HOW diagram] [The author has not attached any text yet.]
     1.4.1 Review Compliance technology [WHY/HOW diagram] [The author has not attached any text yet.]
  16. 16. 1.4.1.1 Compare Technology solutions [WHY/HOW diagram] [The author has not attached any text yet.]
     1.4.1.1.1 Assess the Costs [WHY/HOW diagram] [The author has not attached any text yet.]
     1.4.1.1.2 Assess the Benefits [WHY/HOW diagram] [The author has not attached any text yet.]
     1.4.2 Adopt & deploy Policy compliance technology [WHY/HOW diagram] [The author has not attached any text yet.]
     1.4.2.1 Choose technology with Automatic enforcement
  17. 17. [WHY/HOW diagram for 1.4.2.1 Choose technology with Automatic enforcement] [The author has not attached any text yet.]
     1.5 Communicate & educate a Compliance culture [WHY/HOW diagram] [The author has not attached any text yet.]
     1.5.1 Inform people of their Information responsibilities [WHY/HOW diagram] [The author has not attached any text yet.]
     1.5.1.1 Draft Key messages [WHY/HOW diagram] [The author has not attached any text yet.]
  18. 18. 1.5.1.2 Develop Training [WHY/HOW diagram] [The author has not attached any text yet.]
     1.5.2 Motivate Information protection behaviour [WHY/HOW diagram] [The author has not attached any text yet.]
     1.5.2.1 Establish an ongoing Communication campaign [WHY/HOW diagram] [The author has not attached any text yet.]
     1.6 Integrate practices into Business processes [WHY/HOW diagram] [The author has not attached any text yet.]
  19. 19. 1.6.1 Identify Key Processes where info is at risk [WHY/HOW diagram] [The author has not attached any text yet.]
     1.6.2 Develop a plan to integrate Info policy into those processes [WHY/HOW diagram] [The author has not attached any text yet.]
     1.7 Audit to ensure Stakeholder accountability [WHY/HOW diagram] [The author has not attached any text yet.]
     1.7.1 Examine current Practices & remediate deficiencies [WHY/HOW diagram] [The author has not attached any text yet.]
  20. 20. 1.7.1.1 Establish Audit parameters & methodology [WHY/HOW diagram] [The author has not attached any text yet.]
     1.7.1.2 Conduct Audit [WHY/HOW diagram] [The author has not attached any text yet.]
     1.7.1.2.1 Assess Compliance with info policies [WHY/HOW diagram] [The author has not attached any text yet.]
